【Sister】

Ever suspected your friends may be Sistersnooping on your Facebook profile behind your back? It turns out they are, a new study shows.

New research from the University of British Columbia in Canada says 24 percent -- or more than one in five subjects -- had accessed someone else’s Facebook account without permission, and 21 percent have been victims (that knew about the unauthorized access).

The security community calls this kind of profile snooping a "social insider attack." This means the attacker knows the victim and gains access to the account by physically accessing the victim’s device, whether it's a phone, tablet, laptop or something else.

SEE ALSO: Facebook just replaced your desktop inbox with Messenger

The study surveyed 1,308 adult Facebook users in the United States. It looked at a less-talked-about phenomenon -- unauthorized access of accounts by people you know. The study explored five potential motivators: fun, curiosity, jealousy, animosity and utility.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

'Social insider attacks' may be motivated by curiosity or even jealousy.

"We initially wanted to build technical solutions to mitigate these attacks, but we soon discovered that we really did not understand them well," Ivan Beschastnikh, one of the paper's author's told Mashable. "So we decided that instead we should carry out an empirical study to understand the attacks better before attempting to prevent them."

While not much work has been done studying these kinds of attacks, they are certainly not new. You may have seen outrageous posts on your newsfeed only to have the poster later clarify that their account was “facejacked,” “fraped” or “hacked” by a friend. While such unauthorized access is often harmless, there can be much darker motives behind social insider attacks.

One common scenario is that of romantic partners, where the attack may be motivated by curiosity or even jealousy. The perpetrator usually targets private messages of the victim, and the intrusions often go undiscovered.

"One recommendation that we make is that Facebook could provide better support for monitoring passive account activity." Beschastnikh said. "A log that cannot be altered and that records passive actions [such as viewing already-read messages] as well as active actions in the account would (1) allow victims to identify these attacks, and (2) deter potential perpetrators."

Original image has been replaced. Credit: Mashable

Another possible solution, used by several apps that store sensitive information, is for the app to have its own passcode, which the user must input every time they open the app. This ensures that even if the device is left unlocked where third parties could access it, the app's data remains locked. Notably, Facebook, which recently updated its privacy tools, doesn't offer this tool.

Similarly, with fingerprint detection becoming ubiquitous on smartphones, users can set up a fingerprint-based barrier to entry on some apps. Such precautions generally don't translate to laptops, however, so there isn't a universal method to mitigate risks. Getting in the habit of locking your phone and laptop when you're not using them is still the best precaution.

The findings of the study can extend to other apps like Twitter, messaging apps and email. For those services, current security mechanisms aren't very effective against social insider attacks. While this study is relatively small in scale, anyone who has let someone borrow their smartphone or left their laptop unattended at work is aware that social insider attacks are a real risk, and app makers will need to come up with new ways of dealing with them.

---

Featured Video For You

---

Facebook stalkers confess their dark secrets

---

Topics Cybersecurity Facebook Instagram Privacy Snapchat X/Twitter

• Science
• Games
• Life
• Entertainment
• Digital Culture
• Deals
• Shopping
• Tech

• Best Max streaming deal: Save 20% on annual subscriptions
• Robert Pattinson is the star of 'The Batman,' it's confirmed
• Facebook CTO Mike Schroepfer does not deserve our pity
• Hulu's 'Catch
• Waymo data shows humans are terrible drivers compared to AI
• Coinbase lets users in 100+ countries earn crypto by solving quizzes
• Own a Samsung Galaxy? Use it to unlock a secret menu at these places
• 'Game of Thrones' fan theory culture is bad for the future of TV
• The 10 Most Anticipated PC Games of 2016
• A Times Square billboard caught fire, and the tweets were lit

• Theory Damaged
• Elevate Me Later
• Rank and Vile
• House Style
• Ontario Gothic
• Illegitimate Concerns?
• Stuff People Do
• Knowers of Ball
• Running Amok
• A Rupture in Time

• Best robot vacuum deal: Eufy Omni C20 robot vacuum and mop at record
• 'Game of Thrones' Weekly: Very little to talk about before the finale
• How VR porn can change the way we masturbate for the better
• The fastest way to create a burner email account
• Apple is actively looking at AI search for Safari
• Biggest unanswered questions from 'Game of Thrones' Season 8 finale
• Everything coming to (and going from) Hulu in June 2019
• 'Game of Thrones' fan theory culture is bad for the future of TV
• How to Settle Down with Dystopia
• 'Chef's Table' creators David Gelb and Brian McGinn talk 'Street Food'

• Apple is actively looking at AI search for Safari
• 'Game of Thrones' before and after cast photos are super bleak
• Facebook data reportedly helps companies guess your credit score
• Facebook CTO Mike Schroepfer does not deserve our pity
• Samsung Unpacked stream is set for May 12, 2025
• This masturbation playlist of sexy songs will really have you feeling yourself
• Why there's bipartisan support for fighting Huawei's 5G ambitions
• Facebook data reportedly helps companies guess your credit score
• Your 'wrong person' texts may be linked to Myanmar warlord
• Hulu's 'Catch